Full Group Summary

The endpoint allows clear focus on how the data behaves when it is on, or passing through the endpoint, says Peter Stephenson.

Endpoint security has, arguably, been trying to sort out its niche for years. That is no surprise since the nature of the endpoint has been a moving target. It now seems likely though that the companies that focus their efforts on endpoints have it right: it's the data, not the endpoint itself.

The endpoint is just a component of the enterprise that is the ingress and egress point for much of the data that enters and exits the network. While it may not always be the last thing the data sees as it leaves the network or the first thing it sees as it enters, it certainly is the focus of the important data-centric activity. So it makes sense that focusing on the data as it passes through, into or out of the endpoint should be a key aspect of network security. If the endpoint itself is data-centric, it also makes sense that the protection applied to it should also be data-centric, that just about sums up the products that we looked at this month.

If we are going to focus on the data, we need to understand it. That means being able to define what it is, where it came from and where it is going. Add some rules that define where it should go and some configuration bits, and we start to see a new product type that has risen from what we always have thought of as 'endpoint security'.

Firstly, it always was about the data. We just approached it differently. We treated the endpoint as if it was a standalone device and asked: 'how should we protect the data on this?' That was fine as long as we were sure what that endpoint looked like, what kinds of data it might contain, who might be using it and where the data was likely to go.

If we had a desktop computer, we might be concerned about controlling what data could be burned to a CD or taken away on a USB drive. We cared a lot about malware, so we wanted to make sure that there was a current version of malware protection on the device. Some of those traditional tasks are still important for endpoint security tools, but now some are being handled more efficiently by other products.

For example, checking to make sure that the anti-malware protection is current can be done more efficiently by a NAC device. That lets us unload that task from the endpoint.

Regarding the notion of the endpoint being data-centric, if we look closely at the data and control it, we probably are doing exactly what we should be doing at the endpoint. So we need to consider where the data is going. Once data is sitting on the endpoint, there are just two things that can happen to it that we want to protect against: theft of the device and exfiltration of the data.

Theft of the device can be covered by encryption at the hard disk level (or the non-volatile memory equivalent for most mobile devices). Exfiltration takes a bit more effort. Data can exit because someone with access - legitimate (or not) - wants it to. They want to ship it to storage in the cloud, for example. Once in the cloud, the organisation has lost control of the information asset. That means that the endpoint security needs to understand the data that it is protecting, and most of our products this month refer to that process as being 'content aware'.

While we have not lost the network-centric functions - such as NAC, policy management, anti-malware gateways or data leakage protection - targeting the last bastion of protection, the endpoint, allows clear focus on how the data behaves when it is on, or passing through, the endpoint. Consequently, if all of the network lose track of the activities they are supposed to be tracking, the endpoint can take over. It also means that, for example, someone sitting in an airport lounge using an iPad, not connected to their network, they really do not need to worry about their data. Also, a CISO can worry a bit less about a rogue employee quietly shipping company secrets to Dropbox just before he quits and goes to work for the competition.

SC Media UK arms cyber-security professionals with the in-depth, unbiased business and technical information they need to tackle the countless security challenges they face and establish risk management and compliance postures that underpin overall business strategies.